Re: Rejected mails

[sunhux G]

> This log snippet is postfix trying to send mail.  Did you mean to explain 
> that this
> is your own host trying to send to itself?  Some routers don't allow loopback
> connections, so you can't always connect to your own external IP.
I'm sending from external Outlook/Exchange to my SMTP postfix.

> Anything logged by postfix/smtpd ?
Someone in dovecot list asked me to turn off verbose.  I've just enabled
verbose in master.cf & restarted postfix & I've got more logs this time:
seems related to some recipient...canonical...map issue (see below **)

My postfix server responds on Tcp 25:
  Connected to localhost.localdomain (127.0.0.1).
  Escape character is '^]'.
  220 hostname.myportaltech.com ESMTP POSTFIX


>Can you telnet to port 25 from some external host?
Yes, from any public Internet, if I issue
  "telnet public_IP_of_my_postfix_server 25"
it gave the same output as the above "telnet localhost 25"

** maillog when I send from external to myportaltech.com
***


Feb 22 14:04:37 hostname postfix/smtpd[14334]: generic_checks:
name=check_client_access status=1
Feb 22 14:04:37 hostname postfix/smtpd[14334]: >>> CHECKING RECIPIENT MAPS <<<
Feb 22 14:04:37 hostname postfix/smtpd[14334]: ctable_locate: leave
existing entry key r...@myportaltech.com
Feb 22 14:04:37 hostname postfix/smtpd[14334]: maps_find:
recipient_canonical_maps: r...@myportaltech.com: not found
Feb 22 14:04:37 hostname postfix/smtpd[14334]: maps_find:
recipient_canonical_maps: root: not found
Feb 22 14:04:37 hostname postfix/smtpd[14334]: maps_find:
recipient_canonical_maps: @myportaltech.com: not found
Feb 22 14:04:37 hostname postfix/smtpd[14334]: mail_addr_find:
r...@myportaltech.com -> (not found)
Feb 22 14:04:37 hostname postfix/smtpd[14334]: maps_find:
canonical_maps: r...@myportaltech.com: not found
Feb 22 14:04:37 hostname postfix/smtpd[14334]: maps_find:
canonical_maps: root: not found
Feb 22 14:04:37 hostname postfix/smtpd[14334]: maps_find:
canonical_maps: @myportaltech.com: not found
Feb 22 14:04:37 hostname postfix/smtpd[14334]: mail_addr_find:
r...@myportaltech.com -> (not found)
Feb 22 14:04:37 hostname postfix/smtpd[14334]: maps_find:
virtual_alias_maps: r...@myportaltech.com: not found
Feb 22 14:04:37 hostname postfix/smtpd[14334]: maps_find:
virtual_alias_maps: root: not found
Feb 22 14:04:37 hostname postfix/smtpd[14334]: maps_find:
virtual_alias_maps: @myportaltech.com: not found
Feb 22 14:04:37 hostname postfix/smtpd[14334]: mail_addr_find:
r...@myportaltech.com -> (not found)
Feb 22 14:04:37 hostname postfix/smtpd[14334]: >
gate1.mds.com.sg[203.126.130.157]: 250 2.1.5 Ok
Feb 22 14:04:37 hostname postfix/smtpd[14334]: watchdog_pat: 0x80b2f60
Feb 22 14:04:37 hostname postfix/smtpd[14334]: <
gate1.mds.com.sg[203.126.130.157]: DATA
Feb 22 14:04:37 hostname postfix/smtpd[14334]: >
gate1.mds.com.sg[203.126.130.157]: 354 End data with .
Feb 22 14:04:37 hostname postfix/cleanup[14337]: 97DF620004C:
message-id=
Feb 22 14:04:37 hostname postfix/qmgr[14323]: 97DF620004C:
from=, size=1904, nrcpt=2
(queue active)
Feb 22 14:04:37 hostname postfix/smtpd[14334]: public/cleanup socket:
wanted attribute: status
Feb 22 14:04:37 hostname postfix/smtpd[14334]: input attribute name: status
Feb 22 14:04:37 hostname postfix/smtpd[14334]: input attribute value: 0
Feb 22 14:04:37 hostname postfix/smtpd[14334]: public/cleanup socket:
wanted attribute: reason
Feb 22 14:04:37 hostname postfix/smtpd[14334]: input attribute name: reason
Feb 22 14:04:37 hostname postfix/smtpd[14334]: input attribute value: (end)
Feb 22 14:04:37 hostname postfix/smtpd[14334]: public/cleanup socket:
wanted attribute: (list terminator)
Feb 22 14:04:37 hostname postfix/smtpd[14334]: input attribute name: (end)
Feb 22 14:04:37 hostname postfix/smtpd[14334]: >
gate1.mds.com.sg[203.126.130.157]: 250 2.0.0 Ok: queued as 97DF620004C
Feb 22 14:04:37 hostname postfix/smtpd[14334]: watchdog_pat: 0x80b2f60
Feb 22 14:04:42 hostname postfix/smtpd[14334]: <
gate1.mds.com.sg[203.126.130.157]: QUIT
Feb 22 14:04:42 hostname postfix/smtpd[14334]: >
gate1.mds.com.sg[203.126.130.157]: 221 2.0.0 Bye
Feb 22 14:04:42 hostname postfix/smtpd[14334]: match_hostname:
gate1.mds.com.sg ~? 172.18.20.0/24
Feb 22 14:04:42 hostname postfix/smtpd[14334]: match_hostaddr:
203.126.130.157 ~? 172.18.20.0/24
Feb 22 14:04:42 hostname postfix/smtpd[14334]: match_hostname:
gate1.mds.com.sg ~? 127.0.0.0/8
Feb 22 14:04:42 hostname postfix/smtpd[14334]: match_hostaddr:
203.126.130.157 ~? 127.0.0.0/8
Feb 22 14:04:42 hostname postfix/smtpd[14334]: match_hostname:
gate1.mds.com.sg ~? 202.6.163.0/24
Feb 22 14:04:42 hostname postfix/smtpd[14334]: match_hostaddr:
203.126.130.157 ~? 202.6.163.0/24
Feb 22 14:04:42 hostname postfix/smtpd[14334]: match_list_match:
gate1.mds.com.sg: no match
Feb 22 14:04:42 hostname postfix/smtpd[14334]: match_list_match:
203.126.130.157: no match
Feb 22 14:04:42 hostname postfix/smtpd[14334]: send attr request = disconnect
Feb 22 14:04:42 hostname postfix/smtpd

Re: Rejected mails

[Noel Jones]

On 2/21/2011 9:36 PM, sunhux G wrote:

Sending outgoing emails from this dovecot/postfix server is Ok
(ie emails received at destination) but incoming mails keep
getting the logs below :

smtp.myportaltech.com[202.6.163.31]:25: Connection timed out
Feb 21 16:37:04 hostname postfix/smtp[1381]: 8B35C200060:
to=, relay=none, delay=30,
delays=0.1/0.01/30/0, dsn=4.4.1, status=deferred (connect to
smtp.myportaltech.com[202.6.163.31]:25: Connection timed out)



This log snippet is postfix trying to send mail.  Did you mean 
to explain that this is your own host trying to send to 
itself?  Some routers don't allow loopback connections, so you 
can't always connect to your own external IP.


Anything logged by postfix/smtpd ?

So if you
telnet localhost 25
does anything interesting happen?

Can you telnet to port 25 from some external host?





Even if I'm inside the box itself&  send emails to myself, it was not
received too (despite that sending to external emails including gmail
was Ok) :

# mailx -s "tst to localhost" myunixid@localhost<  /etc/hosts
# mailx -s "tst to myportaltech" myuni...@myportaltech.com<  /etc/hosts
# mailx -s "tst to hostname" myunixid@`hostname`<  /etc/hosts
# mailx -s "tst to local private IP" myunixid@private_IP_addr<  /etc/hosts


What shows up in the maillog when you do this?



# su - myunixid
$ mailq
/var/spool/mqueue is empty
 Total requests: 0


That looks like sendmail, not postfix.  Maybe your system is 
confused about which mailer it should be using.


Any "sendmail" log entries?  There shouldn't be.



  -- Noel Jones

Re: Rejected mails

[sunhux G]

Sending outgoing emails from this dovecot/postfix server is Ok
(ie emails received at destination) but incoming mails keep
getting the logs below :

smtp.myportaltech.com[202.6.163.31]:25: Connection timed out
Feb 21 16:37:04 hostname postfix/smtp[1381]: 8B35C200060:
to=, relay=none, delay=30,
delays=0.1/0.01/30/0, dsn=4.4.1, status=deferred (connect to
smtp.myportaltech.com[202.6.163.31]:25: Connection timed out)



Even if I'm inside the box itself & send emails to myself, it was not
received too (despite that sending to external emails including gmail
was Ok) :

# mailx -s "tst to localhost" myunixid@localhost < /etc/hosts
# mailx -s "tst to myportaltech" myuni...@myportaltech.com < /etc/hosts
# mailx -s "tst to hostname" myunixid@`hostname` < /etc/hosts
# mailx -s "tst to local private IP" myunixid@private_IP_addr < /etc/hosts

# su - myunixid
$ mailq
/var/spool/mqueue is empty
Total requests: 0



Awaiting assistance,
Sun

Re: Postfix + google app : how to keep the original sender when relaying mail?

[Jean-Francois Cantin]

I guess I lost sight of the goal. It works like a charm now using delivery
as a peer, and is a much simpler solution.

Thank you,

-JF

Re: Postfix + google app : how to keep the original sender when relaying mail?

[Corey Quinn]

On Feb 21, 2011, at 4:09 PM, Jean-Francois Cantin wrote:

> We recently ditched M$Exchange

Don't do that.  It doesn't reflect well upon you.

> and went to googleApps. Unfortunately we have some windows servers that need 
> to send notification emails, but can't use TLS.

I suspect you mean SASL; TLS is nice to have but isn't absolutely critical for 
what you want to do.

> I setup postfix on an ubuntu 10.04 server. It is configured to send all 
> outbound email to google apps. This works without a problem. And I have the 
> windows servers using postfix server successfully.
> 
> The issue I have is that all mail is sent as one user (the one from the 
> sasl_password file [googleappu...@mydomain.com]). 
> 
Right.  You aren't going to have luck in changing this; Google very much 
doesn't want to be in the smarthost business.

Your best bet may be to ensure the Ubuntu server is set up correctly as a 
sender that gmail (and others) will accept, then having it deliver directly to 
Google like any other host (read as: no SASL, just delivery as a peer).

-- Corey / KB1JWQ

PGP.sig
Description: This is a digitally signed message part

Re: Postfix + google app : how to keep the original sender when relaying mail?

[Noel Jones]

On 2/21/2011 6:09 PM, Jean-Francois Cantin wrote:

We recently ditched M$Exchange and went to googleApps.
Unfortunately we have some windows servers that need to send
notification emails, but can't use TLS.

I setup postfix on an ubuntu 10.04 server. It is configured to
send all outbound email to google apps. This works without a
problem. And I have the windows servers using postfix server
successfully.

The issue I have is that all mail is sent as one user (the one
from the sasl_password file [googleappu...@mydomain.com
]).


(please post in plain text only)

So who's rewriting the address, you or the g-man?

Your logs will show.  If it's you, don't do that.  If it's 
google, you may need to configure alternate senders (or 
something like that) in gmail.



If your postfix is only sending mail to your own domain 
@googleapps, you can probably simplify your setup by getting 
rid of the SASL and relayhost stuff, and just deliver to 
google as a normal SMTP client.




  -- Noel Jones




For example : server01 is using the postfix server smtp on
port 25 (non TLS) to send emails. Instead of receiving an
email from server01u...@mydomain.com
, I'm receiving the email
from googleappu...@mydomain.com
.

Am I trying to do something I should not? I'm new to postfix,
so there must be a concept that I'm missing here.

#postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = postfix-test01, localhost.localdomain, localhost
myhostname = postfix-test01
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = [smtp.gmail.com ]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_security_options = noanonymous
smtp_tls_session_cache_database =
btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database =
btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

--
Jean-Francois Cantin

Re: Question about accepting null senders

[Wietse Venema]

Linda Pagillo:
> Will Postfix always accept mail from null senders by default or is there
> something I have to add or change in my main.cf file to make Postfix do
> this? Thanks.

As documented, Postfix implements RFC 5321 (the Internet SMTP protocol).

http://tools.ietf.org/html/rfc5321#section-4.5.5

Wietse

Re: Question about accepting null senders

[Noel Jones]

On 2/21/2011 6:10 PM, Linda Pagillo wrote:

Hi everyone. I’m new to the list and I’m trying to gather some
information about Postfix for my documentation notes. I looked
all over the place to try and find the answer to this
question, but I was unable to, so I thought I would ask the list.

Will Postfix always accept mail from null senders by default
or is there something I have to add or change in my main.cf
file to make Postfix do this? Thanks.




Yes, as required by various RFC's, postfix default config 
accepts the null sender address.


Configuring postfix to reject the null sender is possible, but 
strongly discouraged as doing so will lose legit mail.




  -- Noel Jones

Re: Question about accepting null senders

[Justin Piszcz]

On Mon, 21 Feb 2011, Linda Pagillo wrote:


Hi everyone. I'm new to the list and I'm trying to gather some information
about Postfix for my documentation notes. I looked all over the place to try
and find the answer to this question, but I was unable to, so I thought I
would ask the list.



Will Postfix always accept mail from null senders by default or is there
something I have to add or change in my main.cf file to make Postfix do
this? Thanks.




Hi,

$ cat check_null_sender.pcre

# check_null_sender.pcre
/^<>$/ YOUR_OPTION_HERE

$ grep check_null main.cf
check_sender_access pcre:/etc/postfix/check_null_sender.pcre,

In the appropriate restriction place.

Justin.

Question about accepting null senders

[Linda Pagillo]

Hi everyone. I'm new to the list and I'm trying to gather some information
about Postfix for my documentation notes. I looked all over the place to try
and find the answer to this question, but I was unable to, so I thought I
would ask the list.

 

Will Postfix always accept mail from null senders by default or is there
something I have to add or change in my main.cf file to make Postfix do
this? Thanks.

Postfix + google app : how to keep the original sender when relaying mail?

[Jean-Francois Cantin]

We recently ditched M$Exchange and went to googleApps. Unfortunately we have
some windows servers that need to send notification emails, but can't use
TLS.

I setup postfix on an ubuntu 10.04 server. It is configured to send all
outbound email to google apps. This works without a problem. And I have the
windows servers using postfix server successfully.

The issue I have is that all mail is sent as one user (the one from the
sasl_password file [googleappu...@mydomain.com]).

For example : server01 is using the postfix server smtp on port 25 (non TLS)
to send emails. Instead of receiving an email from server01u...@mydomain.com,
I'm receiving the email from googleappu...@mydomain.com.

Am I trying to do something I should not? I'm new to postfix, so there must
be a concept that I'm missing here.

#postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = postfix-test01, localhost.localdomain, localhost
myhostname = postfix-test01
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = [smtp.gmail.com]:587
 smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_security_options = noanonymous
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

--
Jean-Francois Cantin

Re: How to configure postfix to reject every incoming mail with a temporary error?

[John]

On 2/21/2011 5:16 PM, Jeroen Geilman wrote:

On 02/21/2011 11:09 PM, John wrote:

On 2/20/2011 8:05 AM, Matthias Egger wrote:

Background:

After getting complaints about mails which could not be delieverd to 
us i checked the logfiles and found nothing. By nothing i really 
mean nothing. Postfix did not even log a "connect from".


So i started to snoop on the network and found out that incoming 
mails from one of their server does (SYN), we (SYN, ACK) they (ACK) 
and then Postfix sends his "220 smtp..." stuff. But when mails are 
coming from another server they (SYN), we (SYN, ACK), they (ACK) and 
then we again (SYN, ACK) (which after a few more (TCP Dup ACK) and 
(SYN, ACK) leads to a [RST, ACK]).


As our server team has recently patched the solaris machine postfix 
is running on, this behaviour could be a bug releated to this patching.


So my idea was to temporarely change the solaris postfix machine 
with my linux laptop, making sure it uses the same IP and MAC 
Address and some basically configured postfix, while using tcpdump 
to check if these connections behave like before.


My Question:
While i am snooping and waiting for connections from this particular 
server, other incoming mails should be rejected by this temporary 
postfix. But only in a "soft" reject manner. So is there a way to 
configure (or missconfigure?) postfix to tell every incoming attempt 
something like "Sorry, i have a temporary problem. Try to connect 
later".


Best regards,
Matthias
My understanding of your problem is that you think the TCP/IP stack 
is broken on your mail server and that you wish it defer all 
deliveries until you have investigated and fixed the stack problem if 
it exists. While this is going on you want to substitute a "dummy" 
smtp server (using a laptop) designed to request deferred delivery 
until the problem is fixed. You could just go offline, I am not sure 
that you need to do anything as most smtp servers will retry delivery 
for a considerable period.
However, if you feel that it would be better to defer then, I think 
all you need to do is setup a postfix server  with a minimal 
configuration and set the "smtp_client_restrictions = defer" should 
ensure that all email is deferred. It might be a good idea to change 
the "defer_code" to 421 from 450.

Hope this helps


ITYM smtpD_client_restrictions

Yep, you are right I screwed up. just for clarity 
"smtp_client_restrictions" should read "smtp*d*_client_restrictions".

Thanks Jeroen.

--
"All that is necessary for the triumph of evil is that good men do nothing." 
(Edmund Burke)

Re: How to configure postfix to reject every incoming mail with a temporary error?

[Jeroen Geilman]

On 02/21/2011 11:09 PM, John wrote:

On 2/20/2011 8:05 AM, Matthias Egger wrote:

Background:

After getting complaints about mails which could not be delieverd to 
us i checked the logfiles and found nothing. By nothing i really mean 
nothing. Postfix did not even log a "connect from".


So i started to snoop on the network and found out that incoming 
mails from one of their server does (SYN), we (SYN, ACK) they (ACK) 
and then Postfix sends his "220 smtp..." stuff. But when mails are 
coming from another server they (SYN), we (SYN, ACK), they (ACK) and 
then we again (SYN, ACK) (which after a few more (TCP Dup ACK) and 
(SYN, ACK) leads to a [RST, ACK]).


As our server team has recently patched the solaris machine postfix 
is running on, this behaviour could be a bug releated to this patching.


So my idea was to temporarely change the solaris postfix machine with 
my linux laptop, making sure it uses the same IP and MAC Address and 
some basically configured postfix, while using tcpdump to check if 
these connections behave like before.


My Question:
While i am snooping and waiting for connections from this particular 
server, other incoming mails should be rejected by this temporary 
postfix. But only in a "soft" reject manner. So is there a way to 
configure (or missconfigure?) postfix to tell every incoming attempt 
something like "Sorry, i have a temporary problem. Try to connect 
later".


Best regards,
Matthias
My understanding of your problem is that you think the TCP/IP stack is 
broken on your mail server and that you wish it defer all deliveries 
until you have investigated and fixed the stack problem if it exists. 
While this is going on you want to substitute a "dummy" smtp server 
(using a laptop) designed to request deferred delivery until the 
problem is fixed. You could just go offline, I am not sure that you 
need to do anything as most smtp servers will retry delivery for a 
considerable period.
However, if you feel that it would be better to defer then, I think 
all you need to do is setup a postfix server  with a minimal 
configuration and set the "smtp_client_restrictions = defer" should 
ensure that all email is deferred. It might be a good idea to change 
the "defer_code" to 421 from 450.

Hope this helps


ITYM smtpD_client_restrictions



--
J.

Re: How to configure postfix to reject every incoming mail with a temporary error?

[John]

On 2/20/2011 8:05 AM, Matthias Egger wrote:

Background:

After getting complaints about mails which could not be delieverd to 
us i checked the logfiles and found nothing. By nothing i really mean 
nothing. Postfix did not even log a "connect from".


So i started to snoop on the network and found out that incoming mails 
from one of their server does (SYN), we (SYN, ACK) they (ACK) and then 
Postfix sends his "220 smtp..." stuff. But when mails are coming from 
another server they (SYN), we (SYN, ACK), they (ACK) and then we again 
(SYN, ACK) (which after a few more (TCP Dup ACK) and (SYN, ACK) leads 
to a [RST, ACK]).


As our server team has recently patched the solaris machine postfix is 
running on, this behaviour could be a bug releated to this patching.


So my idea was to temporarely change the solaris postfix machine with 
my linux laptop, making sure it uses the same IP and MAC Address and 
some basically configured postfix, while using tcpdump to check if 
these connections behave like before.


My Question:
While i am snooping and waiting for connections from this particular 
server, other incoming mails should be rejected by this temporary 
postfix. But only in a "soft" reject manner. So is there a way to 
configure (or missconfigure?) postfix to tell every incoming attempt 
something like "Sorry, i have a temporary problem. Try to connect later".


Best regards,
Matthias
My understanding of your problem is that you think the TCP/IP stack is 
broken on your mail server and that you wish it defer all deliveries 
until you have investigated and fixed the stack problem if it exists. 
While this is going on you want to substitute a "dummy" smtp server 
(using a laptop) designed to request deferred delivery until the problem 
is fixed. You could just go offline, I am not sure that you need to do 
anything as most smtp servers will retry delivery for a considerable period.
However, if you feel that it would be better to defer then, I think all 
you need to do is setup a postfix server  with a minimal configuration 
and set the "smtp_client_restrictions = defer" should ensure that all 
email is deferred. It might be a good idea to change the "defer_code" to 
421 from 450.

Hope this helps
--

"All that is necessary for the triumph of evil is that good men do nothing." 
(Edmund Burke)

Re: pflogsumm and logfiles without machine name

[Martin Schütte]

On 02/21/11 15:37, Reindl Harald wrote:
> Is there a way to get "pflogsumm" work with logfiles without
> a machine name because the hostname is useless overhead
> as long it is the same in every line

You could just reinsert the hostname with sed:
sed -e 's/ postfix\// localhost postfix\//' /var/log/maillog | pflogsumm

But IMHO you should not change the log format. What is the benefit? --
Saving 1 or 2Mb disk space per year (after log rotation & compression)?
The time you already spend with the issue is more expensive than that.
Not to mention the problems should you ever want to add a second server,
a central log host, or any log analysis tool.

-- 
Martin

pflogsumm and logfiles without machine name

[Reindl Harald]

Is there a way to get "pflogsumm" work with logfiles without
a machine name because the hostname is useless overhead
as long it is the same in every line

/etc/rsyslog.conf:
$template myFormat,"%TIMESTAMP% 
%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
$ActionFileDefaultTemplate myFormat


Feb 21 02:09:25 postfix/smtpd[26221]: 6347332B: client=localhost[127.0.0.1]



signature.asc
Description: OpenPGP digital signature

Re: Attempting delivery to wrong domain?

[D G Teed]

On Mon, Feb 21, 2011 at 10:01 AM,  wrote:

> Zitat von D G Teed :
>
>
>  I suspect there is a simple explanation to this I've overlooked.
>>
>> We have a problem delivering to one address @eastlink.ca
>>
>> The odd thing is that the bounce is from google mail, and this Canadian
>> ISP
>> does not use google mail services.
>>
>> I've tested that 'host -t mx eastlnk.ca' returns the smtpin.eastlink.caon
>> the mail server.
>>
>> In the log I see something like this:
>>
>> Feb 21 09:27:46 myserv postfix-internal/smtp[2601]: 131642E57CE: to=<
>> xx...@eastink.ca>, relay=ASPMX.L.GOOGLE.COM[74.125.47.27]:25,
>> delay=4.8,
>> delays=0.22/0/1.4/3.1, dsn=5.1.1, status=bounced (host
>> ASPMX.L.GOOGLE.COM[74.125.47.27]
>>
>
> eastink.ca != eastlink.ca
>
> Regards
>
> Andreas
>
>
Thanks.  Monday morning.  Copy and pasted address, but typed in host
lookups.
Ugh.  My bad.  Sorry.

--Donald

Re: Attempting delivery to wrong domain?

[lst_hoe02]

Zitat von D G Teed :


I suspect there is a simple explanation to this I've overlooked.

We have a problem delivering to one address @eastlink.ca

The odd thing is that the bounce is from google mail, and this Canadian ISP
does not use google mail services.

I've tested that 'host -t mx eastlnk.ca' returns the smtpin.eastlink.ca on
the mail server.

In the log I see something like this:

Feb 21 09:27:46 myserv postfix-internal/smtp[2601]: 131642E57CE: to=<
xx...@eastink.ca>, relay=ASPMX.L.GOOGLE.COM[74.125.47.27]:25, delay=4.8,
delays=0.22/0/1.4/3.1, dsn=5.1.1, status=bounced (host
ASPMX.L.GOOGLE.COM[74.125.47.27]


eastink.ca != eastlink.ca

Regards

Andreas




smime.p7s
Description: S/MIME Cryptographic Signature

Attempting delivery to wrong domain?

[D G Teed]

I suspect there is a simple explanation to this I've overlooked.

We have a problem delivering to one address @eastlink.ca

The odd thing is that the bounce is from google mail, and this Canadian ISP
does not use google mail services.

I've tested that 'host -t mx eastlnk.ca' returns the smtpin.eastlink.ca on
the mail server.

In the log I see something like this:

Feb 21 09:27:46 myserv postfix-internal/smtp[2601]: 131642E57CE: to=<
xx...@eastink.ca>, relay=ASPMX.L.GOOGLE.COM[74.125.47.27]:25, delay=4.8,
delays=0.22/0/1.4/3.1, dsn=5.1.1, status=bounced (host
ASPMX.L.GOOGLE.COM[74.125.47.27]
said: 550-5.1.1 The email account that you tried to reach does not exist.
Please try 550-5.1.1 double-checking the recipient's email address for typos
or 550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 
http://mail.google.com/support/bin/answer.py?answer=659655si11628884yhl.18
(in reply to RCPT TO command))

If I do this via a telnet session to port 25 on smtpin.eastlink.ca
I don't get the above error.

tcpdump of a send through postfix (on another test to same address)
reveals it was talking with iy-in-f27.1e100.net
- belonging to google.  Also, in the same tcpdump capture
I happen to see another email sent to an eastlink.ca
address and it contacted the right server.

I've verified the problem myself, going to my smtp directly with my email
client.

The problem is specific to one address.  Sounds like a mapping, but I can't
find it.  If I do 'grep eastlink.ca *' in my postfix directory or on
/etc/aliases,
there is no match.

Are there any more places to search for this or ways I can trace it?

--Donald

Re: info greylist mechanism

[Matteo Cazzador]

Thank's a lot


Zitat von Matteo Cazzador :

Hello i've read something about grey list and  i've a question about 
it:


Is it better to use postgrey or i can use directly postfix greylist  
mechanism (http://www.postfix.org/SMTPD_POLICY_README.html#greylist)

to realize greylist system? what the difference ?


As stated the included perl greylist script is a "example". It works
but lacks some features like automatic whitelist and database
maintenance.


And then can i use postscreen to realize greylist control?


This has been discussed lately. As far as i know postscreen may do
some form of greylisting in future.


(which role have postscreen respect ex amavisd-new?)


Postscreen is a light-weight front defense to block as much as
possible as early as possible. Amavisd-new is a heavy-weight content
filter to chew on the rest.

Ultimate question can i 've control about greylist_delay time in  
which mail return to my server?


No, it's up to the sender how long it will take until it retries.
There are still systems out there which never retry BTW.

Regards

Andreas


--
Rispetta l'ambiente: se non ti è necessario, non stampare questa mail.
**
Ing. Matteo Cazzador
NetLite Snc
di Gagliardi A. Cazzador M.
C.so Vittorio Emanuele II, 188
37069 Villafranca di Verona (VR)
Tel 045 4856656
Fax 045 4856655
C.F. E P.IVA 03782800233
Email: mat...@netlite.it
Web: http://www.netlite.it
**

Re: separate backend for different domains

[Erwan Loaëc]

Hey!

Wonderful :o)
I don't know why I've never read this before. I'm going to take a look 
of theses two parameters.


Thanks

--
Erwan


Wietse Venema wrote:

Erwan Loa�c:

Hello,

We have a postfix system which handle many alias and users with virtual 
transport. The backend used is LDAP.


Now, I have to use mysql backend for some other specific domains.

How can I set this to make postfix looking to ldap for a "list of 
domain" and looking to mysql for "an other list of domain".


See below.

Wietse

man ldap_table

   domain (default: no domain list)
  This is a list of domain names, paths to files,  or
  dictionaries.  When specified, only fully qualified
  search keys with  a  *non-empty*  localpart  and  a
  matching  domain  are  eligible  for lookup: 'user'
  lookups, bare domain lookups and "@domain"  lookups
  are  not  performed.  This can significantly reduce
  the query load on the LDAP server.

  domain = postfix.org, hash:/etc/postfix/searchdomains

  It is best not to use LDAP  to  store  the  domains
  eligible for LDAP lookups.

  NOTE:  DO  NOT  define  this parameter for local(8)
  aliases.

  This feature is available in Postfix 1.0 and later.

man mysql_table

   domain (default: no domain list)
  This is a list of domain names, paths to files,  or
  dictionaries.  When specified, only fully qualified
  search keys with  a  *non-empty*  localpart  and  a
  matching  domain  are  eligible  for lookup: 'user'
  lookups, bare domain lookups and "@domain"  lookups
  are  not  performed.  This can significantly reduce
  the query load on the MySQL server.
  domain = postfix.org, hash:/etc/postfix/searchdomains

  It is best not to use SQL to store the domains eli-
  gible for SQL lookups.

  This  parameter  is  available with Postfix 2.2 and
  later.

  NOTE: DO NOT define  this  parameter  for  local(8)
  aliases, because the input keys are always unquali-
  fied.

Re: separate backend for different domains

[Wietse Venema]

Erwan Loa?c:
> Hello,
> 
> We have a postfix system which handle many alias and users with virtual 
> transport. The backend used is LDAP.
> 
> Now, I have to use mysql backend for some other specific domains.
> 
> How can I set this to make postfix looking to ldap for a "list of 
> domain" and looking to mysql for "an other list of domain".

See below.

Wietse

man ldap_table

   domain (default: no domain list)
  This is a list of domain names, paths to files,  or
  dictionaries.  When specified, only fully qualified
  search keys with  a  *non-empty*  localpart  and  a
  matching  domain  are  eligible  for lookup: 'user'
  lookups, bare domain lookups and "@domain"  lookups
  are  not  performed.  This can significantly reduce
  the query load on the LDAP server.

  domain = postfix.org, hash:/etc/postfix/searchdomains

  It is best not to use LDAP  to  store  the  domains
  eligible for LDAP lookups.

  NOTE:  DO  NOT  define  this parameter for local(8)
  aliases.

  This feature is available in Postfix 1.0 and later.

man mysql_table

   domain (default: no domain list)
  This is a list of domain names, paths to files,  or
  dictionaries.  When specified, only fully qualified
  search keys with  a  *non-empty*  localpart  and  a
  matching  domain  are  eligible  for lookup: 'user'
  lookups, bare domain lookups and "@domain"  lookups
  are  not  performed.  This can significantly reduce
  the query load on the MySQL server.
  domain = postfix.org, hash:/etc/postfix/searchdomains

  It is best not to use SQL to store the domains eli-
  gible for SQL lookups.

  This  parameter  is  available with Postfix 2.2 and
  later.

  NOTE: DO NOT define  this  parameter  for  local(8)
  aliases, because the input keys are always unquali-
  fied.

Re: separate backend for different domains

[lst_hoe02]

Zitat von Erwan Loaëc :


Hello,

We have a postfix system which handle many alias and users with  
virtual transport. The backend used is LDAP.


Now, I have to use mysql backend for some other specific domains.

How can I set this to make postfix looking to ldap for a "list of  
domain" and looking to mysql for "an other list of domain".


Everything works when I define in virtual_alias_maps the different  
mysql:XXX ldap:XXX. And all the domains are defined on  
virtual_mailbox_domains.


I don't want postfix to query mysql on every mails...


Have a look at the "domain" parameter in ldap_table/mysql_table.

Regards

Andreas




smime.p7s
Description: S/MIME Cryptographic Signature

separate backend for different domains

[Erwan Loaëc]

Hello,

We have a postfix system which handle many alias and users with virtual 
transport. The backend used is LDAP.


Now, I have to use mysql backend for some other specific domains.

How can I set this to make postfix looking to ldap for a "list of 
domain" and looking to mysql for "an other list of domain".


Everything works when I define in virtual_alias_maps the different 
mysql:XXX ldap:XXX. And all the domains are defined on 
virtual_mailbox_domains.


I don't want postfix to query mysql on every mails...

How can I seperate this in "two different processes" ...?

Thanks !

--
Erwan Loaec

Re: warning: truncate before-queue filter speed-adjust log: Permission denied

[Wietse Venema]

Matthias Andree:
> On Fri, 18 Feb 2011, Wietse Venema wrote:
> 
> > Please file a ZFS bug reportug. As per POSIX, when the O_CREAT is
> > specified to open(),
> > 
> > The third argument does not affect whether the file is open
> > for reading, writing or for both.
> > 
> > In other words, read/write access is controlled with the O_RDWR flags,
> > not the read/write permissions argument.
> > 
> > When the above error happens, Postfix discards the file. Consequently,
> > Postfix performance will be reduced, because it creates one extra file
> > per MAIL transaction, instead of one extra file over the process
> > lifetime.
> 
> That being said, I found ZFS performance abysmal, that is with a
> single-disk pool (one partition on an enterprise-class 7200/min HDD,
> amd64, 4 GB DDR3 ECC RAM, Phenom II X4 905e i. e. 4 x 2.5 GHz) on
> FreeBSD 8.X, and ZFS prefetching enabled in the loader tunable.
> 
> I'd been running /usr with compression enabled, and stat() effort,
> writes, and thereabouts were unbearably slow, even with a 85% filled
> partition (the pool was 100% full one time before).  I've switched to
> UFS2 on a 5400/min eco-consumer-class drive for the nonce and it just
> flies.  I haven't analyzed this, but it seems there still are a few
> rough edges in ZFS-on-FreeBSD that need to be filed down a bit :)

Let me guess: the eco-consumer-class drive was running with write 
caching enabled. I remember achieving better latencies on a $500
computer than with a (small) server whose disk alone cost hundreds. 

> Note that ZFS on FreeBSD also still has a bug that it can't delete files
> if the partition is full. You need to manually truncate files (to create
> room for the relevant deletion log entries) before you can remove files.
> (I've file a problem report for that but don't know the PR # yet.)

Will ZFS allow non-root users to fill up the whole disk?

Wietse

Re: "default_transport" not working in all cases

[Reindl Harald]

It seems you did not read my mail

Am 21.02.2011 13:51, schrieb Charles Marcus:
> On 2011-02-21 7:43 AM, Reindl Harald wrote:
>> Feb 21 13:41:52 postfix/smtp[14418]: warning: relayhost configuration problem
>> Feb 21 13:41:52 postfix/smtp[14418]: 2D60D3DF7: 
>> to=, relay=none, delay=0.05,
>> delays=0.03/0.01/0/0, dsn=4.3.5, status=deferred (mail for 127.0.0.1 loops 
>> back to myself)
> 
> The above should be enough...

This is AFTER "relayhost = 127.0.0.1"

"default_transport = error:5.1.2 mail to remote domains not permitted"
should reject and does not if the target is a subdomain

The following is the expected result and you see that "relayhost = 127.0.0.1"
is not triggered because "default_transport" is working, but why not for
"t...@de.bp.com"?

Feb 21 13:55:38 postfix/smtpd[14674]: NOQUEUE: reject: RCPT from 
localhost[127.0.0.1]: 550 5.1.2
: Recipient address rejected: mail to remote domains not 
permitted; from=
to= proto=ESMTP helo=<[127.0.0.1]>




signature.asc
Description: OpenPGP digital signature

Re: info greylist mechanism

[lst_hoe02]

Zitat von Matteo Cazzador :


Hello i've read something about grey list and  i've a question about it:

Is it better to use postgrey or i can use directly postfix greylist  
mechanism (http://www.postfix.org/SMTPD_POLICY_README.html#greylist)

to realize greylist system? what the difference ?


As stated the included perl greylist script is a "example". It works  
but lacks some features like automatic whitelist and database  
maintenance.



And then can i use postscreen to realize greylist control?


This has been discussed lately. As far as i know postscreen may do  
some form of greylisting in future.



(which role have postscreen respect ex amavisd-new?)


Postscreen is a light-weight front defense to block as much as  
possible as early as possible. Amavisd-new is a heavy-weight content  
filter to chew on the rest.


Ultimate question can i 've control about greylist_delay time in  
which mail return to my server?


No, it's up to the sender how long it will take until it retries.  
There are still systems out there which never retry BTW.


Regards

Andreas




smime.p7s
Description: S/MIME Cryptographic Signature

Re: "default_transport" not working in all cases

[Charles Marcus]

On 2011-02-21 7:43 AM, Reindl Harald wrote:
> Feb 21 13:41:52 postfix/smtp[14418]: warning: relayhost configuration problem
> Feb 21 13:41:52 postfix/smtp[14418]: 2D60D3DF7: to=, 
> relay=none, delay=0.05,
> delays=0.03/0.01/0/0, dsn=4.3.5, status=deferred (mail for 127.0.0.1 loops 
> back to myself)

The above should be enough...

-- 

Best regards,

Charles

"default_transport" not working in all cases

[Reindl Harald]

Hi

In a local machine i have the following setup to prevent sending outside
and catch some domain local, but why in the world is the second log-entry
relayed instead reject like the first one?

default_transport = error:5.1.2 mail to remote domains not permitted

Now i fixed this problem with "relayhost = 127.0.0.1" but this is a dirty 
workaround
This seems to happen everytime a subdomain is involved and maybe postfix 2.8.0 
only


Feb 21 13:23:05 postfix/smtpd[13782]: NOQUEUE: reject: RCPT from 
localhost[127.0.0.1]: 550 5.1.2
: Recipient address rejected: mail to remote domains not 
permitted; from=
to= proto=ESMTP helo=<[127.0.0.1]>

Feb 21 13:25:22 postfix/cleanup[13829]: 4088648A8: 
message-id=<4d6259b1.5070...@test.rh>
Feb 21 13:25:22 postfix/qmgr[13436]: 4088648A8: from=, 
size=714, nrcpt=1 (queue active)
Feb 21 13:25:23 postfix/smtp[13835]: Host offered STARTTLS: 
[cluster8.us.messagelabs.com]
Feb 21 13:25:23 postfix/smtp[13835]: 4088648A8: to=,
relay=cluster8.us.messagelabs.com[216.82.254.195]:25, delay=1.2, 
delays=0.07/0.01/0.7/0.38, dsn=2.0.0, status=sent
(250 ok 1298291123 qp 22271 
server-11.tower-200.messagelabs.com!1298291122!61653925!1)

Feb 21 13:41:52 postfix/qmgr[14369]: 2D60D3DF7: from=, 
size=729, nrcpt=1 (queue active)
Feb 21 13:41:52 postfix/smtp[14418]: warning: relayhost configuration problem
Feb 21 13:41:52 postfix/smtp[14418]: 2D60D3DF7: to=, 
relay=none, delay=0.05,
delays=0.03/0.01/0/0, dsn=4.3.5, status=deferred (mail for 127.0.0.1 loops back 
to myself)



signature.asc
Description: OpenPGP digital signature

info greylist mechanism

[Matteo Cazzador]

Hello i've read something about grey list and  i've a question about 
it:


Is it better to use postgrey or i can use directly postfix greylist 
mechanism (http://www.postfix.org/SMTPD_POLICY_README.html#greylist)

to realize greylist system? what the difference ?
And then can i use postscreen to realize greylist control?
(which role have postscreen respect ex amavisd-new?)
Ultimate question can i 've control about greylist_delay time in which 
mail return to my server?


Thank's everybody and excuse for my "english".


--
Rispetta l'ambiente: se non ti è necessario, non stampare questa mail.
**
Ing. Matteo Cazzador
NetLite Snc
di Gagliardi A. Cazzador M.
C.so Vittorio Emanuele II, 188
37069 Villafranca di Verona (VR)
Tel 045 4856656
Fax 045 4856655
C.F. E P.IVA 03782800233
Email: mat...@netlite.it
Web: http://www.netlite.it
**

Re: greylisting with postscreen?

[Craig Waddington]

On 10/02/2011 3:59 PM, Wietse Venema wrote:

To greylist, see: http://www.postfix.org/SMTPD_POLICY_README.html

On th eother hand, making the "PASS NEW" event a trigger for a
penalty time should require little new code. I added support for
"penalty time" late last year but it is currently unused for lack
of a "trigger" mechanism. Penalty time means the client gets 4xx
replies until the penalty time expires.

Penalty time after "PASS NEW" is a relatively crude mechanism
compared to real greylisting, but it might do the job. Perhaps
later in the year.

Wietse


Many thanks for the info - I will keep an eye out for the new versions!


__ Information from ESET Smart Security, version of virus signature 
database 5892 (20110221) __

The message was checked by ESET Smart Security.

http://www.eset.com

Re: greylisting with postscreen?

[Craig Waddington]

On 10/02/2011 3:04 PM, Christian Roessner wrote:

Hi,


I am trying out the postscreen server - and am very impressed so far. My 
original interest was in greylisting - so I have the deep protocol tests turned 
on so that the temporary failure code 45x is returned for non-whitelisted 
clients.

During my testing - I noticed that the small trickle of spam that still makes 
it past postscreen reattempts immediately after a 45x with no delay, whereas 
genuine mail will wait at least a few minutes before reattempting after a 45x.


I hope, I may ask, but if a client is able to queue mail after a 45x, wouldn't 
this same client come back after 300 seconds, too? And so skipping the 
greylisting barrier? Or are there some bots outside that can do that? But even 
then, they might be lucky at a later time, when the host, where they live on, 
returns (even with dynamic IP; just a question of patients).

Christian


Yes - I am assuming that most bots wouldn't queue, although I have no 
evidence for this. I think you are right that there may be cases where 
bots will still get through if they send different spam at a later time.



__ Information from ESET Smart Security, version of virus signature 
database 5892 (20110221) __

The message was checked by ESET Smart Security.

http://www.eset.com

Re: warning: truncate before-queue filter speed-adjust log: Permission denied

[Matthias Andree]

On Fri, 18 Feb 2011, Wietse Venema wrote:

> Please file a ZFS bug reportug. As per POSIX, when the O_CREAT is
> specified to open(),
> 
> The third argument does not affect whether the file is open
> for reading, writing or for both.
> 
> In other words, read/write access is controlled with the O_RDWR flags,
> not the read/write permissions argument.
> 
> When the above error happens, Postfix discards the file. Consequently,
> Postfix performance will be reduced, because it creates one extra file
> per MAIL transaction, instead of one extra file over the process
> lifetime.

That being said, I found ZFS performance abysmal, that is with a
single-disk pool (one partition on an enterprise-class 7200/min HDD,
amd64, 4 GB DDR3 ECC RAM, Phenom II X4 905e i. e. 4 x 2.5 GHz) on
FreeBSD 8.X, and ZFS prefetching enabled in the loader tunable.

I'd been running /usr with compression enabled, and stat() effort,
writes, and thereabouts were unbearably slow, even with a 85% filled
partition (the pool was 100% full one time before).  I've switched to
UFS2 on a 5400/min eco-consumer-class drive for the nonce and it just
flies.  I haven't analyzed this, but it seems there still are a few
rough edges in ZFS-on-FreeBSD that need to be filed down a bit :)

Note that ZFS on FreeBSD also still has a bug that it can't delete files
if the partition is full. You need to manually truncate files (to create
room for the relevant deletion log entries) before you can remove files.
(I've file a problem report for that but don't know the PR # yet.)

Rejected mails

[sunhux G]

Hi,

I'm getting closer, now with SMTP permitted to whole of Internet to
connect to my SMTP/postfix server & for my postfix server to
connect out to public Internet on tcp 25 as well.

I send emails from permitted SMTP servers with "Receipt acknowledgemt"
& the ack returned said it was delivered but somehow there's no mail
in the mailbox & using the site below to test, it gave Rejected :

http://legacy.zoneedit.com/whois.html


OK, connected to gate1.mds.com.sg...
< 220 gate1.mds.com.sg ESMTP
> HELO edit.dnsvr.com
< 250 gate1.mds.com.sg
> MAIL FROM:
< 250 sender  ok
> RCPT TO:
< 550 #5.1.0 Address rejected.


=== latest maillog ==
Feb 21 16:36:34 hostname postfix/smtpd[1372]: input attribute value: 0
Feb 21 16:36:34 hostname postfix/smtpd[1372]: private/rewrite socket:
wanted attribute: transport
Feb 21 16:36:34 hostname postfix/smtpd[1372]: input attribute name: transport
Feb 21 16:36:34 hostname postfix/smtpd[1372]: input attribute value: relay
Feb 21 16:36:34 hostname postfix/smtpd[1372]: private/rewrite socket:
wanted attribute: nexthop
Feb 21 16:36:34 hostname postfix/smtpd[1372]: input attribute name: nexthop
Feb 21 16:36:34 hostname postfix/smtpd[1372]: input attribute value:
myportaltech.com
Feb 21 16:36:34 hostname postfix/smtpd[1372]: private/rewrite socket:
wanted attribute: recipient
Feb 21 16:36:34 hostname postfix/smtpd[1372]: input attribute name: recipient
Feb 21 16:36:34 hostname postfix/smtpd[1372]: input attribute value:
r...@myportaltech.com
Feb 21 16:36:34 hostname postfix/smtpd[1372]: private/rewrite socket:
wanted attribute: flags
Feb 21 16:36:34 hostname postfix/smtpd[1372]: input attribute name: flags
Feb 21 16:36:34 hostname postfix/smtpd[1372]: input attribute value: 2048
Feb 21 16:36:34 hostname postfix/smtpd[1372]: private/rewrite socket:
wanted attribute: (list terminator)
Feb 21 16:36:34 hostname postfix/smtpd[1372]: input attribute name: (end)
Feb 21 16:36:34 hostname postfix/smtpd[1372]: resolve_clnt: `' ->
`r...@myportaltech.com' -> transp=`relay' host=`myportaltech.com'
rcpt=`r...@myportaltech.com' flags= class=relay
Feb 21 16:36:34 hostname postfix/smtpd[1372]: ctable_locate: install
entry key r...@myportaltech.com
Feb 21 16:36:34 hostname postfix/smtpd[1372]: extract_addr: in:
, result: r...@myportaltech.com
Feb 21 16:36:34 hostname postfix/smtpd[1372]: >>> START Recipient
address RESTRICTIONS <<<
Feb 21 16:36:34 hostname postfix/smtpd[1372]: generic_checks:
name=reject_invalid_hostname
Feb 21 16:36:34 hostname postfix/smtpd[1372]: reject_invalid_hostname:
gate1.mds.com.sg
Feb 21 16:36:34 hostname postfix/smtpd[1372]: generic_checks:
name=reject_invalid_hostname status=0
Feb 21 16:36:34 hostname postfix/smtpd[1372]: generic_checks:
name=reject_unauth_pipelining
Feb 21 16:36:34 hostname postfix/smtpd[1372]: reject_unauth_pipelining: RCPT
Feb 21 16:36:34 hostname postfix/smtpd[1372]: generic_checks:
name=reject_unauth_pipelining status=0
Feb 21 16:36:34 hostname postfix/smtpd[1372]: generic_checks:
name=permit_mynetworks
Feb 21 16:36:34 hostname postfix/smtpd[1372]: permit_mynetworks:
gate1.mds.com.sg 203.126.130.157
Feb 21 16:36:34 hostname postfix/smtpd[1372]: match_hostname:
gate1.mds.com.sg ~? 172.18.20.0/24
Feb 21 16:36:34 hostname postfix/smtpd[1372]: match_hostaddr:
203.126.130.157 ~? 172.18.20.0/24
Feb 21 16:36:34 hostname postfix/smtpd[1372]: match_hostname:
gate1.mds.com.sg ~? 127.0.0.0/8
Feb 21 16:36:34 hostname postfix/smtpd[1372]: match_hostaddr:
203.126.130.157 ~? 127.0.0.0/8
Feb 21 16:36:34 hostname postfix/smtpd[1372]: match_hostname:
gate1.mds.com.sg ~? 202.6.163.0/24
Feb 21 16:36:34 hostname postfix/smtpd[1372]: match_hostaddr:
203.126.130.157 ~? 202.6.163.0/24
Feb 21 16:36:34 hostname postfix/smtpd[1372]: match_list_match:
gate1.mds.com.sg: no match
Feb 21 16:36:34 hostname postfix/smtpd[1372]: match_list_match:
203.126.130.157: no match
Feb 21 16:36:34 hostname postfix/smtpd[1372]: generic_checks:
name=permit_mynetworks status=0
Feb 21 16:36:34 hostname postfix/smtpd[1372]: generic_checks:
name=permit_sasl_authenticated
Feb 21 16:36:34 hostname postfix/smtpd[1372]: generic_checks:
name=permit_sasl_authenticated status=0
Feb 21 16:36:34 hostname postfix/smtpd[1372]: generic_checks:
name=reject_unauth_destination
Feb 21 16:36:34 hostname postfix/smtpd[1372]:
reject_unauth_destination: r...@myportaltech.com
Feb 21 16:36:34 hostname postfix/smtpd[1372]: permit_auth_destination:
r...@myportaltech.com
Feb 21 16:36:34 hostname postfix/smtpd[1372]: ctable_locate: leave
existing entry key r...@myportaltech.com
Feb 21 16:36:34 hostname postfix/smtpd[1372]: generic_checks:
name=reject_unauth_destination status=0
Feb 21 16:36:34 hostname postfix/smtpd[1372]: generic_checks:
name=check_client_access
Feb 21 16:36:34 hostname postfix/smtpd[1372]: check_namadr_access:
name gate1.mds.com.sg addr 203.126.130.157
Feb 21 16:36:34 hostname postfix/smtpd[1372]: check_domain_access:
gate1.mds.com.sg
Feb 21 16:36:34 hostname postfix/smtpd[1